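Associated vulnerability
Title:
OpenPLC code injection vulnerability
(CVE-2021-31630)
Description: OpenPLC is an open-source programmable logic controller that provides a low-cost industrial solution for automation and research. OpenPLC v3 has a code injection vulnerability, which stems from the Hardware Layer Code Box component on the /hardware page of the product's web service failing to filter special characters in input. An attacker can exploit this vulnerability to execute system commands.
Description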
OpenPLC 3 WebServer Authenticated Remote Code Execution.
Introduction
# CVE-2021-31630
OpenPLC 3 WebServer Authenticated Remote Code Execution.
## Description
A command injection in OpenPLC Webserver v3 lets remote attackers run arbitrary code through the "Hardware Layer Code Box" component on the "/hardware" page of the application.
Only tested against the Wifinetictwo.htb machine from Hack The Box.
## Usage
```
usage: openplc_exploit.py [-h] [--usage] --ip ADDR --port PORT --target URL -U USER -P PASSWORD
                          [--payload-program PAYLOAD_PROGRAM]

options:
  -h, --help            show this help message and exit
  --usage               show usage message
  --ip ADDR             ip address for the reverse connection
  --port PORT           port number to the reverse connection
  --target URL          target url. Example: http://localhost:8080
  -U USER, --username USER
                        username to log int to openplc web server
  -P PASSWORD, --password PASSWORD
                        password to log in to openplc web server
  --payload-program PAYLOAD_PROGRAM
                        structured text openplc format to send to /upload-program
```
## References
- [CVE-2021-31630](https://www.clouddefense.ai/cve/2021/CVE-2021-31630)
File snapshot
[4.0K] /data/pocs/b4d430832a23b5bd6f6acd28b4f49cc5e576a1cc
├── [9.2K] exploit.py
└── [1.2K] README.md
0 directories, 2 files